OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 477 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
488 for (const auto& policy : policies) { | 488 for (const auto& policy : policies) { |
489 isAllowed &= (policy.get()->*allowFromURLWithNonce)( | 489 isAllowed &= (policy.get()->*allowFromURLWithNonce)( |
490 url, nonce, redirectStatus, reportingPolicy); | 490 url, nonce, redirectStatus, reportingPolicy); |
491 } | 491 } |
492 return isAllowed; | 492 return isAllowed; |
493 } | 493 } |
494 | 494 |
495 template <bool (CSPDirectiveList::*allowFromURLWithNonceAndParser)( | 495 template <bool (CSPDirectiveList::*allowFromURLWithNonceAndParser)( |
496 const KURL&, | 496 const KURL&, |
497 const String& nonce, | 497 const String& nonce, |
| 498 const IntegrityMetadataSet& hashes, |
498 ParserDisposition parserDisposition, | 499 ParserDisposition parserDisposition, |
499 RedirectStatus, | 500 RedirectStatus, |
500 SecurityViolationReportingPolicy) const> | 501 SecurityViolationReportingPolicy) const> |
501 bool isAllowedByAll(const CSPDirectiveListVector& policies, | 502 bool isAllowedByAll(const CSPDirectiveListVector& policies, |
502 const KURL& url, | 503 const KURL& url, |
503 const String& nonce, | 504 const String& nonce, |
| 505 const IntegrityMetadataSet& hashes, |
504 ParserDisposition parserDisposition, | 506 ParserDisposition parserDisposition, |
505 RedirectStatus redirectStatus, | 507 RedirectStatus redirectStatus, |
506 SecurityViolationReportingPolicy reportingPolicy) { | 508 SecurityViolationReportingPolicy reportingPolicy) { |
507 if (ContentSecurityPolicy::shouldBypassContentSecurityPolicy(url)) { | 509 if (ContentSecurityPolicy::shouldBypassContentSecurityPolicy(url)) { |
508 // If we're running experimental features, bypass CSP only for | 510 // If we're running experimental features, bypass CSP only for |
509 // non-parser-inserted resources whose scheme otherwise bypasses CSP. If | 511 // non-parser-inserted resources whose scheme otherwise bypasses CSP. If |
510 // we're not running experimental features, bypass CSP for all resources | 512 // we're not running experimental features, bypass CSP for all resources |
511 // regardless of parser state. Once we have more data via the | 513 // regardless of parser state. Once we have more data via the |
512 // 'ScriptWithCSPBypassingScheme*' metrics, make a decision about what | 514 // 'ScriptWithCSPBypassingScheme*' metrics, make a decision about what |
513 // behavior to ship. https://crbug.com/653521 | 515 // behavior to ship. https://crbug.com/653521 |
514 if (parserDisposition == NotParserInserted || | 516 if (parserDisposition == NotParserInserted || |
515 !RuntimeEnabledFeatures:: | 517 !RuntimeEnabledFeatures:: |
516 experimentalContentSecurityPolicyFeaturesEnabled()) { | 518 experimentalContentSecurityPolicyFeaturesEnabled()) { |
517 return true; | 519 return true; |
518 } | 520 } |
519 } | 521 } |
520 | 522 |
521 bool isAllowed = true; | 523 bool isAllowed = true; |
522 for (const auto& policy : policies) { | 524 for (const auto& policy : policies) { |
523 isAllowed &= (policy.get()->*allowFromURLWithNonceAndParser)( | 525 isAllowed &= (policy.get()->*allowFromURLWithNonceAndParser)( |
524 url, nonce, parserDisposition, redirectStatus, reportingPolicy); | 526 url, nonce, hashes, parserDisposition, redirectStatus, reportingPolicy); |
525 } | 527 } |
526 return isAllowed; | 528 return isAllowed; |
527 } | 529 } |
528 | 530 |
529 template <bool (CSPDirectiveList::*allowed)(LocalFrame*, | 531 template <bool (CSPDirectiveList::*allowed)(LocalFrame*, |
530 const KURL&, | 532 const KURL&, |
531 SecurityViolationReportingPolicy) | 533 SecurityViolationReportingPolicy) |
532 const> | 534 const> |
533 bool isAllowedByAll(const CSPDirectiveListVector& policies, | 535 bool isAllowedByAll(const CSPDirectiveListVector& policies, |
534 LocalFrame* frame, | 536 LocalFrame* frame, |
(...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
691 if (parentCSP && !parentCSP->allowPluginType(type, typeAttribute, url)) | 693 if (parentCSP && !parentCSP->allowPluginType(type, typeAttribute, url)) |
692 return false; | 694 return false; |
693 } | 695 } |
694 | 696 |
695 return true; | 697 return true; |
696 } | 698 } |
697 | 699 |
698 bool ContentSecurityPolicy::allowScriptFromSource( | 700 bool ContentSecurityPolicy::allowScriptFromSource( |
699 const KURL& url, | 701 const KURL& url, |
700 const String& nonce, | 702 const String& nonce, |
| 703 const IntegrityMetadataSet& hashes, |
701 ParserDisposition parserDisposition, | 704 ParserDisposition parserDisposition, |
702 RedirectStatus redirectStatus, | 705 RedirectStatus redirectStatus, |
703 SecurityViolationReportingPolicy reportingPolicy) const { | 706 SecurityViolationReportingPolicy reportingPolicy) const { |
704 if (shouldBypassContentSecurityPolicy(url)) { | 707 if (shouldBypassContentSecurityPolicy(url)) { |
705 UseCounter::count( | 708 UseCounter::count( |
706 document(), | 709 document(), |
707 parserDisposition == ParserInserted | 710 parserDisposition == ParserInserted |
708 ? UseCounter::ScriptWithCSPBypassingSchemeParserInserted | 711 ? UseCounter::ScriptWithCSPBypassingSchemeParserInserted |
709 : UseCounter::ScriptWithCSPBypassingSchemeNotParserInserted); | 712 : UseCounter::ScriptWithCSPBypassingSchemeNotParserInserted); |
710 } | 713 } |
711 return isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( | 714 return isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( |
712 m_policies, url, nonce, parserDisposition, redirectStatus, | 715 m_policies, url, nonce, hashes, parserDisposition, redirectStatus, |
713 reportingPolicy); | 716 reportingPolicy); |
714 } | 717 } |
715 | 718 |
716 bool ContentSecurityPolicy::allowScriptWithHash(const String& source, | 719 bool ContentSecurityPolicy::allowScriptWithHash(const String& source, |
717 InlineType type) const { | 720 InlineType type) const { |
718 return checkDigest<&CSPDirectiveList::allowScriptHash>( | 721 return checkDigest<&CSPDirectiveList::allowScriptHash>( |
719 source, type, m_scriptHashAlgorithmsUsed, m_policies); | 722 source, type, m_scriptHashAlgorithmsUsed, m_policies); |
720 } | 723 } |
721 | 724 |
722 bool ContentSecurityPolicy::allowStyleWithHash(const String& source, | 725 bool ContentSecurityPolicy::allowStyleWithHash(const String& source, |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
772 case WebURLRequest::RequestContextFont: | 775 case WebURLRequest::RequestContextFont: |
773 return allowFontFromSource(url, redirectStatus, reportingPolicy); | 776 return allowFontFromSource(url, redirectStatus, reportingPolicy); |
774 case WebURLRequest::RequestContextForm: | 777 case WebURLRequest::RequestContextForm: |
775 return allowFormAction(url, redirectStatus, reportingPolicy); | 778 return allowFormAction(url, redirectStatus, reportingPolicy); |
776 case WebURLRequest::RequestContextFrame: | 779 case WebURLRequest::RequestContextFrame: |
777 case WebURLRequest::RequestContextIframe: | 780 case WebURLRequest::RequestContextIframe: |
778 return allowFrameFromSource(url, redirectStatus, reportingPolicy); | 781 return allowFrameFromSource(url, redirectStatus, reportingPolicy); |
779 case WebURLRequest::RequestContextImport: | 782 case WebURLRequest::RequestContextImport: |
780 case WebURLRequest::RequestContextScript: | 783 case WebURLRequest::RequestContextScript: |
781 case WebURLRequest::RequestContextXSLT: | 784 case WebURLRequest::RequestContextXSLT: |
782 return allowScriptFromSource(url, nonce, parserDisposition, | 785 return allowScriptFromSource(url, nonce, integrityMetadata, |
783 redirectStatus, reportingPolicy); | 786 parserDisposition, redirectStatus, |
| 787 reportingPolicy); |
784 case WebURLRequest::RequestContextManifest: | 788 case WebURLRequest::RequestContextManifest: |
785 return allowManifestFromSource(url, redirectStatus, reportingPolicy); | 789 return allowManifestFromSource(url, redirectStatus, reportingPolicy); |
786 case WebURLRequest::RequestContextServiceWorker: | 790 case WebURLRequest::RequestContextServiceWorker: |
787 case WebURLRequest::RequestContextSharedWorker: | 791 case WebURLRequest::RequestContextSharedWorker: |
788 case WebURLRequest::RequestContextWorker: | 792 case WebURLRequest::RequestContextWorker: |
789 return allowWorkerContextFromSource(url, redirectStatus, reportingPolicy); | 793 return allowWorkerContextFromSource(url, redirectStatus, reportingPolicy); |
790 case WebURLRequest::RequestContextStyle: | 794 case WebURLRequest::RequestContextStyle: |
791 return allowStyleFromSource(url, nonce, redirectStatus, reportingPolicy); | 795 return allowStyleFromSource(url, nonce, redirectStatus, reportingPolicy); |
792 case WebURLRequest::RequestContextCSPReport: | 796 case WebURLRequest::RequestContextCSPReport: |
793 case WebURLRequest::RequestContextDownload: | 797 case WebURLRequest::RequestContextDownload: |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
894 RedirectStatus redirectStatus, | 898 RedirectStatus redirectStatus, |
895 SecurityViolationReportingPolicy reportingPolicy) const { | 899 SecurityViolationReportingPolicy reportingPolicy) const { |
896 // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure the | 900 // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure the |
897 // impact of this backwards-incompatible change. | 901 // impact of this backwards-incompatible change. |
898 if (Document* document = this->document()) { | 902 if (Document* document = this->document()) { |
899 UseCounter::count(*document, UseCounter::WorkerSubjectToCSP); | 903 UseCounter::count(*document, UseCounter::WorkerSubjectToCSP); |
900 if (isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( | 904 if (isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( |
901 m_policies, url, redirectStatus, | 905 m_policies, url, redirectStatus, |
902 SecurityViolationReportingPolicy::SuppressReporting) && | 906 SecurityViolationReportingPolicy::SuppressReporting) && |
903 !isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( | 907 !isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( |
904 m_policies, url, AtomicString(), NotParserInserted, redirectStatus, | 908 m_policies, url, AtomicString(), IntegrityMetadataSet(), |
| 909 NotParserInserted, redirectStatus, |
905 SecurityViolationReportingPolicy::SuppressReporting)) { | 910 SecurityViolationReportingPolicy::SuppressReporting)) { |
906 UseCounter::count(*document, | 911 UseCounter::count(*document, |
907 UseCounter::WorkerAllowedByChildBlockedByScript); | 912 UseCounter::WorkerAllowedByChildBlockedByScript); |
908 } | 913 } |
909 } | 914 } |
910 | 915 |
911 return isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( | 916 return isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( |
912 m_policies, url, redirectStatus, reportingPolicy); | 917 m_policies, url, redirectStatus, reportingPolicy); |
913 } | 918 } |
914 | 919 |
(...skipping 696 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1611 if (SecurityOrigin::shouldUseInnerURL(url)) { | 1616 if (SecurityOrigin::shouldUseInnerURL(url)) { |
1612 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( | 1617 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( |
1613 SecurityOrigin::extractInnerURL(url).protocol(), area); | 1618 SecurityOrigin::extractInnerURL(url).protocol(), area); |
1614 } else { | 1619 } else { |
1615 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( | 1620 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( |
1616 url.protocol(), area); | 1621 url.protocol(), area); |
1617 } | 1622 } |
1618 } | 1623 } |
1619 | 1624 |
1620 } // namespace blink | 1625 } // namespace blink |
OLD | NEW |